cfn-nag 0.4.18 → 0.4.19

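--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: de7c69ac0e8609884849a817ea5a7ecfafe7395b14a99b62500c43f9517d74ab
- data.tar.gz: 5704f9f2b6362d185c71c40129528cfce1f1b2f3c846360e2e35a2358b9951b7
+ metadata.gz: 7a2a0da5087afd45ff50d01b032f61390c7440928d16be8f93b31fe6bf7aff75
+ data.tar.gz: 33c7720eb2f3bfc0dfdc524b2e25d71daa2a18ed333d46f8b41697d44db96f91
  SHA512:
- metadata.gz: cf893416dad9ef59053e1626b41cf763ae3319bf7c1cc2543fa7fe0c3e6da5efb8407c0e03aa922db261ad3340c78ab303dc507f391dd205660ae738789051fd
- data.tar.gz: 3f2a3039e9f54a68c02ed6041e9e6f55421fb38805918cb33eee7b61f532137aeaadf35568c9eb76fd88d49a15e86ea210dddb780dc3a61951b4880da6c85f42
+ metadata.gz: bb1dfb27452acceff0e6e72347e347c9889b05b0590f5deedd243ed1d6f662b34d2d15f9da5be9f65647145f3739fd221ec5e3466a0699d8ebf6e871401aa67e
+ data.tar.gz: edfdf7648efd708415e2579608921c3f7699499f412471fa632eb8768b2e02abdfc5ab60b2ce964c5cf321bea8154142ca748d81e8e9b7532333fa10c1aa2197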
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require 'cfn-nag/util/enforce_reference_parameter'
5
+ require 'cfn-nag/util/enforce_string_or_dynamic_reference'
6
+ require_relative 'base'
7
+
8
+ class RedshiftClusterMasterUserPasswordRule < BaseRule
9
+ def rule_text
10
+ 'Redshift Cluster master user password must be Ref to NoEcho Parameter. ' \
11
+ 'Default credentials are not recommended'
12
+ end
13
+
14
+ def rule_type
15
+ Violation::FAILING_VIOLATION
16
+ end
17
+
18
+ def rule_id
19
+ 'F35'
20
+ end
21
+
22
+ def audit_impl(cfn_model)
23
+ redshift_clusters = cfn_model.resources_by_type('AWS::Redshift::Cluster')
24
+ violating_redshift_clusters = redshift_clusters.select do |cluster|
25
+ if cluster.masterUserPassword.nil?
26
+ false
27
+ else
28
+ insecure_parameter?(cfn_model, cluster.masterUserPassword) ||
29
+ insecure_string_or_dynamic_reference?(cfn_model, cluster.masterUserPassword)
30
+ end
31
+ end
32
+
33
+ violating_redshift_clusters.map(&:logical_resource_id)
34
+ end
35
+ end
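Review bot: `audit_impl` reports a cluster only when `insecure_parameter?` or `insecure_string_or_dynamic_reference?` positively classifies `masterUserPassword` as insecure, so F35 fails open for any value shape that neither helper recognises. Both helpers are defined outside this hunk; if they inspect only a `Ref` hash and a plain string respectively, a password assembled from literals with another intrinsic function such as `Fn::Join` or `Fn::Sub` would pass unreported, which is worth pinning down with a spec template. The `rule_text` also names only the NoEcho parameter, although the second helper's name suggests dynamic references are accepted too; if so, the message could read `'Redshift Cluster master user password must be Ref to NoEcho Parameter or a dynamic reference. '`. As a style point, the `if ... nil?` / `false` / `else` arm inside the `select` block reads more directly as a guard, `next false if cluster.masterUserPassword.nil?`.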
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.18
4
+ version: 0.4.19
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-06-20 00:00:00.000000000 Z
11
+ date: 2019-06-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -195,6 +195,7 @@ files:
195
195
  - lib/cfn-nag/custom_rules/RDSInstanceMasterUsernameRule.rb
196
196
  - lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
197
197
  - lib/cfn-nag/custom_rules/RedshiftClusterEncryptedRule.rb
198
+ - lib/cfn-nag/custom_rules/RedshiftClusterMasterUserPasswordRule.rb
198
199
  - lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb
199
200
  - lib/cfn-nag/custom_rules/S3BucketAccessLoggingRule.rb
200
201
  - lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb